Here’s what you need to know
Cisco Systems warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with highly sophisticated malicious software, possibly in preparation for another massive cyber attack on Ukraine in a bid to disrupt the Champions League final in Ukraine’s capital.
The malware, which has been called VPNFilter by Cisco, could be used for espionage as well as to destroy the devices that it has infected.
Steve Giguere, lead EMEA engineer at Synopsys: “There is every bit of evidence to suggest that the VPNFilter is targeted at the Ukraine. Elements of its character tie back to the same Nation-state sponsored threat actor APT28 (Fancy Bear), that were connected to the disruptive malware NotPetya which ‘coincided’ with the Ukraine’s Constitution Day last year. With this weekend’s final, being a potentially larger international spectacle, this could be the 2018 version. As for whether it’s an attempt to destabilise the country, it comes as a bit of a 2 for 1 deal as its ability to ‘brick’ it’s host device could be an element that is deployed shortly after its primary task is either completed or at risk of failure. It’s primary task is however, unknown. As it appears to be monitoring industrial Modbus SCADA protocols, perhaps the timing of the Champions League final is a distraction. Researchers are already making progress at shutting down the malware’s command and control centres, but, with such a widespread deployment it will be a race against time to see if it can be neutralised prior to initiating.”